Google's Android operating system update in May 2021 solved a total of 42 vulnerabilities, four of which were marked as critical severity. The new security patch 2021-05-01 fixes three major critical defects that were found in system components. These three security vulnerabilities are confirmed to be exploitable, and can run arbitrary code on the vulnerable device.
Google's smartphone operating system has its own security system, known as Android security platform, and relies on Google game protection and other service protection measures. These features make the Android system security vulnerabilities unlikely to be successfully exploited.
2021-05-01 vulnerability Description:
In the framework part, the most serious vulnerability requires malicious local applications to bypass the user's interaction requirements, so they can obtain additional permissions. This vulnerability is divided into different tracking names, which are related to the corresponding Android version. Cve-2021-0472 affects Android 9, 10 and 11; Cve-2021-0485 only affects Android 11, cve-2021-0487 only affects Android 11.
In addition to these key flaws, the Android operating system also fixes five other high-risk vulnerabilities. Three of them are related to privilege escalation, while the other two are related to information disclosure.
This month's second Android security update, the 2021-05-05 security patch level patch, fixes 29 vulnerabilities in operating system components, including kernel, framework, AMLOGIC, arm, MediaTek, Ziguang zhanrui, Qualcomm and Qualcomm closed source.
The most serious one is cve-2021-0467, which is a key vulnerability found in AMLOGIC bootrom, allowing attackers to execute arbitrary code even before data signature.
There are also 28 vulnerabilities related to the 2021-05-05 security patch level, but only one of them is marked as medium severity, and the other 27 problems found are marked as high severity.
Visit the official security bulletin for more details:
User comments